Allow push (#59)

Introduce ALLOW_PUSH, if set to true, allows non-GET methods through the proxy
pull/73/head
Federico Gimenez 2020-12-02 14:58:19 +01:00 committed by GitHub
parent dfb6a5dea2
commit 536f0fc8a0
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 28 additions and 10 deletions

View File

@ -94,5 +94,8 @@ ENV MANIFEST_CACHE_SECONDARY_TIME="60d"
# In the default config, :latest and other frequently-used tags will get this value. # In the default config, :latest and other frequently-used tags will get this value.
ENV MANIFEST_CACHE_DEFAULT_TIME="1h" ENV MANIFEST_CACHE_DEFAULT_TIME="1h"
# Should we allow actions different than pull, default to false.
ENV ALLOW_PUSH="false"
# Did you want a shell? Sorry, the entrypoint never returns, because it runs nginx itself. Use 'docker exec' if you need to mess around internally. # Did you want a shell? Sorry, the entrypoint never returns, because it runs nginx itself. Use 'docker exec' if you need to mess around internally.
ENTRYPOINT ["/entrypoint.sh"] ENTRYPOINT ["/entrypoint.sh"]

View File

@ -121,6 +121,29 @@ echo "Manifest caching config: ---"
cat /etc/nginx/nginx.manifest.caching.config.conf cat /etc/nginx/nginx.manifest.caching.config.conf
echo "---" echo "---"
if [[ "a${ALLOW_PUSH}" == "atrue" ]]; then
cat <<EOF > /etc/nginx/conf.d/allowed.methods.conf
# allow to upload big layers
client_max_body_size 0;
# only cache GET requests
proxy_cache_methods GET;
EOF
else
cat << 'EOF' > /etc/nginx/conf.d/allowed.methods.conf
# Block POST/PUT/DELETE. Don't use this proxy for pushing.
if ($request_method = POST) {
return 405 "POST method is not allowed";
}
if ($request_method = PUT) {
return 405 "PUT method is not allowed";
}
if ($request_method = DELETE) {
return 405 "DELETE method is not allowed";
}
EOF
fi
# normally use non-debug version of nginx # normally use non-debug version of nginx
NGINX_BIN="/usr/sbin/nginx" NGINX_BIN="/usr/sbin/nginx"

View File

@ -219,16 +219,8 @@ echo "Docker configured with HTTPS_PROXY=$scheme://$http_host/"
# Docker needs this. Don't ask. # Docker needs this. Don't ask.
chunked_transfer_encoding on; chunked_transfer_encoding on;
# Block POST/PUT/DELETE. Don't use this proxy for pushing. # configuration of the different allowed methods
if ($request_method = POST) { include "/etc/nginx/conf.d/allowed.methods.conf";
return 405 "POST method is not allowed";
}
if ($request_method = PUT) {
return 405 "PUT method is not allowed";
}
if ($request_method = DELETE) {
return 405 "DELETE method is not allowed";
}
proxy_read_timeout 900; proxy_read_timeout 900;